Use query_parameters() in SQL select, update and delete statements to protect against SQL injection attacks
This commit is contained in:
Chris Morgan
2006-06-27 19:16:27 +00:00
committed by WineHQ
parent e6458694f4
commit e3f9e5371a
46 changed files with 602 additions and 484 deletions


@@ -44,11 +44,12 @@ function display_catpath($catId, $appId, $versionId = '')
/**
* display the SUB apps that belong to this app
*/
function display_bundle($appId)
function display_bundle($iAppId)
{
$oApp = new Application($appId);
$hResult = query_appdb("SELECT appFamily.appId, appName, description FROM appBundle, appFamily ".
"WHERE appFamily.queued='false' AND bundleId = $appId AND appBundle.appId = appFamily.appId");
$hResult = query_parameters("SELECT appFamily.appId, appName, description FROM appBundle, appFamily ".
"WHERE appFamily.queued='false' AND bundleId = '?' AND appBundle.appId = appFamily.appId",
$iAppId);
if(!$hResult || mysql_num_rows($hResult) == 0)
{
return; // do nothing
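Review bot: Renaming the parameter to `$iAppId` in the signature leaves the unchanged context line `$oApp = new Application($appId);` referring to a variable that no longer exists, so the Application object is now built from an undefined value (null plus a notice) rather than the requested id; it should read `$oApp = new Application($iAppId);`. The placeholder is written as `'?'` inside SQL quotes, which presumably relies on query_parameters() substituting an escaped value into the quoted literal rather than quoting it itself; this is worth confirming against the helper, since if it also adds quotes the literal ends up double-quoted and the match silently fails. The body of display_bundle continues past the end of the hunk, so whether `$oApp` is still used with the correct id cannot be seen here.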